00:21 <neynah> I've added http://drawpile.net/ to the voting list. *crosses fingers

16:31 <ocdtrekkie> I have RSVP'd at this thing: http://www.meetup.com/Chicago-Open-Source-Open-Mic/events/224632294/

19:42 <XgF> kentonv: I see in your new desktop post you were looking for ECC to defend against RowHammer

19:42 <XgF> FWIW ECC isn't useful for that

19:43 <XgF> (ECC has about a 3/4ths chance of turning the exploit from escallation into DOS and a 1/4th chance of doing nothing of use)

20:06 <dwrensha> XgF: is there anything one can do to protect against RowHammer, then?

20:06 <XgF> Use Rowhammer resistant RAM

20:06 <XgF> This mostly means DDR4

20:09 <XgF> The other option (which is rather hard) is for the OS to work out your RAM & DRAM controller's banking layout and leave gaps between processes

20:23 <dwrensha> XgF: re ECC, slowing down the attack by a factor of 4 still sounds better than nothing

20:24 <XgF> dwrensha: it converts the attack from privilege escallation into kernel panic

20:24 <XgF> 3/4ths (ish) of the time

20:24 <dwrensha> even better

20:24 <dwrensha> I'll definitely notice a kernel panic

20:25 <XgF> But, like, if you're buying expensive RAM, just buy expensive RAM which has fixed the issue :P

20:52 <mnutt_> is it expected that ekam will always trigger a rebuild when files are changed? is anyone using it while developing through the vagrant nfs bridge?

20:57 <kentonv> XgF: Thanks but Mark Seaborn, the Google Chrome security engineer who actually made a working exploit out of rowhammer, disagrees. In their tests they were unable to trigger rowhammer in ECC RAM.

20:58 <kentonv> XgF: that said, yes, I plan to buy DDR4. ECC is "defense in depth".

21:01 <kentonv> mnutt_: In continuous mode it should trigger rebuilds any time something in the source tree changes (but it doesn't watch installed files, etc.). It's entirely possible that it doesn't work well on non-local filesystems since sometimes they don't support inotify correctly.

21:02 <mnutt_> kentonv: thanks, good to know. I’m guessing it’s something to do with the nfs bridge.

21:04 <kentonv> mnutt_: I think what you want is somehow for the guest machine to be the host of the filesystem, and for the host machine to access said filesystem over network to the guest.

21:04 <kentonv> mnutt_: Because the guest machine is the one running ekam so needs to know about all changes.

21:07 <mnutt_> yeah, I think you’re right. for the time being I’ll probably just touch the files from the guest when I need a rebuild

21:32 <XgF> kentonv: the person who demonstrated the Chrome exploit did so on ECC systems

21:32 <XgF> kentonv: ECC repairs aren't done regularly enough to compensate for rowhammer

21:34 <kentonv> XgF: do you have a reference for that?

21:34 <XgF> This was a discussion I had with them on another channel

21:37 <kentonv> I'll ask Mark next time I see him but the last time I talked to him he said ECC got the job done in practice (even if not theoretically foolproof).